win.rhadamanthys

Rhadamanthys


According to PCrisk, Rhadamanthys is a stealer-type malware and, as its name implies, it is designed to extract data from infected machines.

At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.

References
2023-01-16, Medium elis531989, Eli Salem
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 (accessed 2023-01-16)
Rhadamanthys

2023-01-12, Cybleinc, Cyble
Rhadamanthys: New Stealer Spreading Through Google Ads
https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ (accessed 2023-01-16)
Rhadamanthys

2022-01-03, Malware Traffic Analysis, Brad Duncan
2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER
https://www.malware-traffic-analysis.net/2023/01/03/index.html (accessed 2023-01-06)
Rhadamanthys

There is no Yara-Signature yet.